Agency Information Guide

The Information and Privacy Commission NSW (IPC) has published its Agency Information Guide (AIG) in accordance with section 20 of the Government Information (Public Access) Act 2009 (GIPA Act). It provides a mechanism to make government information accessible, promote currency of information and appropriate release, and support the management of government information as a strategic asset.

The AIG appears below or can be viewed and downloaded here IPC Agency Information Guide, updated February 2023.

1. Introduction

The Information and Privacy Commission NSW (IPC) is committed to ensuring that citizens can access its information easily and at the lowest reasonable cost.

Given our regulatory role, we have a mandated focus and commitment to access to government information. We especially support the broad object of the Government Information (Public Access) Act 2009 (GIPA Act) to advance a system of responsible and representative democratic Government that is open, accountable, fair and effective. We also uphold the specific presumption in the Act in favour of the disclosure of government information unless there is an overriding public interest against disclosure.

Agency Information Guides (AIGs) play an important role in promoting access to information, supporting participation and contributing to Open Government. As government transforms service delivery through the application of digital technologies, information should be more readily accessible to citizens. New ways of storing, locating and providing information become available through digital technology and agencies have new opportunities to uphold their responsibilities to make information available.

This AIG is published in accordance with section 20 of the GIPA Act and provides a mechanism to make government information accessible, promote currency of information and appropriate release, and support the management of government information as a strategic asset.

The purpose of the IPC AIG is to provide general information on the:

structure and functions of the IPC
ways in which the functions of the IPC, including the decision-making functions, affect members of the public
specific arrangements in place to enable members of the public to participate in the formulation of IPC policy and the exercise of IPC functions
kinds of government information held by the IPC
kinds of government information held by the IPC that is made publicly available
manner in which the IPC makes or will make government information publicly available
kinds of information that are (or will be) made publicly available free of charge and those kinds for which a charge is (or will be) imposed.

Where appropriate, links have been provided to documents, reports, data and other information throughout this AIG.

This AIG is reviewed at least every 12 months and is available from the IPC website at www.ipc.nsw.gov.au/agency-information-guide. The IPC values your feedback on this AIG to ensure the highest levels of accessibility are achieved. You can provide feedback via email at ipcinfo@ipc.nsw.gov.au or by phone on 1800 472 679.

Elizabeth Tydd

IPC CEO, Information Commissioner

NSW Open Data Advocate

2. About the IPC

2.1 About the agency

The IPC was established on 1 January 2011 under the Privacy and Government Information Legislation Amendment Act 2010 by merging the Office of the Information Commissioner and Privacy NSW. The Bill established the Information Commissioner as Chief Executive Officer of the IPC.

The IPC is a separate agency that administers NSW legislation dealing with privacy and access to government information. The IPC supports the Information Commissioner and the Privacy Commissioner in fulfilling their statutory responsibilities and functions to ensure that individuals and agencies can access consistent information, guidance and training on information access and privacy matters.

More information about the IPC is available in the About Us section on the IPC website.

2.2 IPC functions

The IPC was established to provide a single place for agencies and the community to seek information and assistance with information access and privacy rights in NSW. The IPC promotes and protects privacy and information access rights in NSW by:

providing information, advice, assistance and training for agencies and individuals on privacy and access matters
reviewing the performance and decisions of agencies under the GIPA Act
investigating and conciliating complaints relating to regulated entities
providing feedback and advice to Government about the legislation and relevant developments in the law and technology.

The IPC takes a contemporary, proactive regulatory approach. Its regulatory and business efforts are aimed at ensuring that the IPC and regulated entities operate in ways that advance information access and privacy protection for the citizens of NSW. Further information about the IPC’s regulatory approach is contained in the Regulatory Framework and associated plans and policies.

The functions of the IPC are overseen by the NSW Committee on the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission.

2.3 Information access

The Information Commissioner administers the following legislation:

Government Information (Public Access) Act 2009 (NSW) (GIPA Act)
Government Information (Public Access) Regulations 2018 (NSW) (GIPA Regulations), and
Government Information (Information Commissioner) Act 2009 (NSW) (GIIC Act).

The Information Commissioner has the power to review decisions made by other NSW government agencies and deal with complaints about information access, undertake investigations, monitor agency functions and report to the Attorney General and the Minister for Customer Service and Digital Government, Minister for Small Business, Minister for Fair Trading about proposals for legislative or administrative change. The Information Commissioner is the Chairperson of the Information and Privacy Advisory Committee.

Additionally, the Information Commissioner provides feedback about the legislation and relevant developments in the law and technological change as it impacts on information access.

The Information Commissioner is also:

an investigating authority under the Public Interest Disclosures Act 1994
the NSW Open Data Advocate.

In the role of Open Data Advocate, the Information Commissioner encourages the proactive public release of government information by agencies in ways that are respectful of data sharing safeguards, and provides information, advice and assistance to agencies and the NSW public on access to government information. The role also provides advice to the Data Analytics Centre (DAC) and across NSW Government on the proactive release of non-personal data. The role of Open Data Advocate aligns with the functions of the Information Commissioner under the GIPA Act, in particular with authorising and encouraging the proactive public release of government information by agencies. The work of the Open Data Advocate is underpinned by the Open Data Policy and Action Plan. Further information is available from data.nsw.gov.au.

2.4 Privacy

The Privacy Commissioner administers the following legislation:

Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act)
Privacy and Personal Information Protection Regulation 2014 (NSW) (PPIP Regulation)
Health Records and Information Privacy Act 2002 (NSW) (HRIP Act)
Health Records and Information Privacy Regulation 2022 (NSW) (HRIP Regulation)

The Privacy Commissioner’s role includes promoting privacy; preparing reports; recommending legislative, administrative or other action in the interests of privacy; and conducting inquiries and investigations into privacy related matters.

The Privacy Commissioner also oversees the conduct of internal reviews by regulated entities and deals with complaints about privacy related matters. The Privacy Commissioner has the power to receive, investigate and conciliate complaints made against an agency, health service provider or organisation holding health information. The Privacy Commissioner also provides assistance to agencies in adopting and complying with the information protection principles, privacy codes of practice and the mandatory notification of data breach scheme. The Privacy Commissioner reports to the Ministers responsible for the above legislation about proposals for legislative or administrative change.

2.5 Corporate functions and services

The IPC has corporate functions and obligations that it’s required to fulfil including the effective and efficient management of:

finances
staff
procurement
assets
annual reporting
information technology
legislative compliance
corporate governance.

These functions are conferred on the IPC under a number of Acts. Some of the key Acts include the:

Government Sector Employment Act 2013 – employment of staff
Government Information (Public Access) Act 2009 – publication of certain government information and granting access to other information
Privacy and Personal Information Protection Act 1998 – standards and requirements for collection and use of personal information
Work Health and Safety Act 2011 – requirements for healthy and safe work practices
Workplace Injury Management and Workers Compensation Act 1998 – management of injury and return to work
Annual Reports (Departments) Act 1985 – requirements for annual reporting
Government Sector Finance Act 2018 – management and administration of financial affairs
Public Interest Disclosures Act 1994 – requirements for dealing with complaints under the Act.

The IPC is supported to undertake many of these functions by the Department of Customer Service.

2. Organisational structure

The IPC is a separate agency under Schedule 1 of the Government Sector Employment Act 2013 (GSE Act) and the Information Commissioner is appointed as agency head and is responsible to the relevant Minister. As the agency head, the Information Commissioner is responsible for the budget and the general administration of the IPC, including employing and allocating staff to carry out work.

The NSW Committee on the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission oversees the functions of the Information Commissioner and Privacy Commissioner. The Information Commissioner reports to the NSW Parliament on the operation of the GIPA Act. The Privacy Commissioner reports to the NSW Parliament on the operation of the PPIP Act and the HRIP Act.

The Information Commissioner, Elizabeth Tydd, was appointed under the Government Information (Information Commissioner) Act 2009 for a term of five years. Ms Tydd was appointed on 23 December 2013 and re-appointed for a further five-year term in December 2018.

The Privacy Commissioner, Samantha Gavel, was appointed under the Privacy and Personal Information Protection Act 1988 for a term of three years. Ms Gavel was appointed on 4 September 2017 and re-appointed for a further three-year term in September 2020.

The IPC has four business units to assist the CEO in the exercise of its. These units are:

Communication and Corporate Affairs – strategically informs, shapes and delivers the IPC’s regulatory message to stakeholders
Legal Counsel and Regulatory Advice – develops regulatory advice, reporting and intelligence services to support the IPC and the Commissioners
Investigation and Review – delivers the IPC’s and Commissioners’ regulatory functions to promote compliance with the legislation and support members of the public to access their rights
Systems and Corporate Services – provides HR, IT, procurement and other business services in conjunction with external providers.

See the full copy of the IPC’s corporate structure on the IPC website.

Each year, the IPC reports on its activities over the course of the year through its Annual Report. See the IPC website for all published Annual Reports to date.

3.1 IPC contact details

For further information, you can contact the IPC using the details below:

Post:                           Information and Privacy Commission, GPO Box 7011, SYDNEY NSW 2001
Email:                         ipcinfo@ipc.nsw.gov.au
Website:                     www.ipc.nsw.gov.au
Telephone:                 1800 472 679
Media enquiries:       0435 961 691
Media email:              communications@ipc.nsw.gov.au

Office location

Level 15, McKell Building 2-24 Rawson Place, Haymarket NSW 2000

COVID-19: The IPC is providing service as normal, however are not taking in-person enquiries. To contact the IPC, please email or phone.

4. How the IPC engages with the public and its stakeholders

4.1 Public participation

The IPC is committed to promoting public participation and establishing arrangements that support members of the public to participate in the formulation of policies and the exercise of its functions.

The IPC recognises the importance of public involvement in the development of policy and service delivery. Engaging with and maintaining public participation ensures that the needs and expectations of the public are considered in the business of government and can deliver meaningful improvement in policy outcomes and service delivery.

Throughout the year the IPC looks for opportunities to engage directly with the public, to seek input on its work, in the exercise of its functions and on important issues affecting information access and privacy rights.

Each year the IPC engages directly with the public through Privacy Awareness Week in May, and Right to Know Week in September. These events are detailed on the IPC Campaigns and Key Events page on the IPC website.

4.2 IPC engagement channels

The IPC engages with the public regularly through a number of electronic channels, to provide a fast and easy way for the public to engage, seek assistance or provide feedback.

When considering any consultation with the NSW community, the IPC takes into consideration what it is asking, why it is asking it, and who it wants to ask. This informs which channel will be used to conduct the consultation or survey.

The IPC uses its website, social media, email groups and other communication channels to let people know when it is conducting public consultations. The IPC will provide you with the necessary information to understand the purpose of any consultation it does.

Surveys

The IPC conducts surveys to obtain the views of its stakeholders to inform the statutory reports of the Commissioners and the IPC’s broader regulatory work. Survey results assist in understanding citizen’s knowledge and awareness of information access and privacy legislation, key themes and trends. This information is used to inform the development of regulatory resources. The IPC proactively publishes the results from the surveys conducted on its website and these results are generally available as part of its reports.

IPC website

The IPC website is used to provide the public with resources and information about regulatory functions and activities, awareness campaigns, submissions, events, policies, news and developments. Members of the public can use the Contact us section of the website to get in touch and provide feedback on its activities and functions. The website can be accessed at www.ipc.nsw.gov.au.

The IPC website details the release of new information through a number of links, particularly resources on information access and privacy, as well as specific information that was developed or updated as a result of the COVID-19 pandemic. There are landing pages for information access and privacy, with quick links to simplify finding information, including its Compliance Audit Calendar and Privacy Proactive Regulatory Initiatives Calendar. The IPC continues to publish compliance reports for information access and privacy.

Social media

The IPC Twitter account (@IPCNSW) is used to provide the public with instantaneous information about news, publications, consultations, campaigns, and other areas of interest relating to the IPC. The IPC Twitter account is monitored during office hours. Members of the public can join the conversation, however the IPC may not be able to respond individually to all the messages that it receives via Twitter. Additionally, given the character limitation on Twitter, the IPC may request that you contact it directly via other channels to complete your enquiry.

The IPC Facebook account is used to provide information to citizens on information access and privacy matters and raise public awareness about their rights under NSW information access and privacy legislation. The IPC Facebook account is also monitored during office hours. Members of the public are able to send direct messages via Facebook, however it is requested that you contact the IPC via its other channels to complete your enquiry.

The IPC LinkedIn account is used to promote and encourage connection with the IPC by other organisations and agencies. Where possible, this channel is used to promote the release of new guidance, events, launches and proactive campaigns for Right to Know Week and Privacy Awareness Week.

When engaging with any IPC social media account, all engagement must align with the IPC’s Social Media Terms of Use.

NSW Have Your Say

Have Your Say is a website that enables NSW Government agencies to publicise consultations being conducted throughout the state. The site provides a central place for the public to search via their location and/or by topic to discover consultations that interest them.

It enables them to share their views and ideas on Government plans to improve services, the economy and infrastructure in NSW. We use Have Your Say as an additional channel whenever we commence a consultation.

Open Data

The IPC receives agency reports containing data on GIPA obligations and these reports are used by the IPC as the basis for the Information Commissioner’s annual Report on the Operation of the Government Information (Public Access) Act 2009, across all agencies and dis-aggregated to the sector level.

As part of the IPC’s commitment to Open Data and transparency in government, and support of the NSW Government’s Open Data Policy (2020) the online agency-level GIPA data has been made more accessible by publishing it in a form that allows deeper analysis and comparisons.

OpenGov NSW

OpenGov NSW is a website that allows NSW Government agencies to make information available to the public including annual reports and open access information released under the GIPA Act. The IPC utilises this channel to publish annual reports, and to proactively release open access information for the public.

Information and Privacy Advisory Committee (IPAC)

IPAC is an advisory body to the Information Commissioner and the Privacy Commissioner. Members of IPAC are appointed by the NSW Attorney General and Minister for Customer Service and Digital Government, Minister for Small Business, Minister for Fair Trading from representatives of the public providing opportunity for the community to participate and contribute to the advancement of information access and privacy rights.

Information about IPAC is available here.

4.3 Feedback and complaints

The IPC welcomes input and feedback from the public, community organisations and government agencies regarding its services and publications. The IPC receives a range of diverse correspondence and complaints through a variety of channels including via the IPC website, emails, letters, phone calls and social media.

Members of the public are encouraged to provide feedback on IPC services and publications. This feedback is important to the IPC and assists in informing its policies and publications, and improving its services.

The IPC publishes the results of its client satisfaction surveys annually in its Annual Report.

The IPC is committed to responding to feedback and complaints in accordance with the IPC Service Charter.

All feedback and complaints are dealt with confidentially and personal information is managed in accordance with the privacy protection principles in the PPIP Act. Further information about how the IPC handles personal information is available in the IPC Privacy Management Plan.

You can provide feedback by using the contact details contained in section 3.1 of this document.

4.4 How to provide input on regulatory activities

As an agency that administers NSW information access and privacy legislation, a key part of the IPC’s work is delivered through regulatory functions and activities. These relate primarily to the review, complaint, reporting, investigative and advisory work of the IPC.

The Regulatory Framework, which combined with the IPC Regulatory Plan 2022 - 2024, sets out the regulatory approach and priorities in promoting compliance and protecting information access rights and privacy.

The IPC uses a range of approaches to deliver the compliance activities identified as necessary to achieve regulatory objectives and to influence long-term cultural change for better information access by agencies.

This involves the examination of process and legislative requirements to inform development of regulatory activities and resources. The development of individual regulatory activities creates an opportunity for meaningful engagement with both agencies and citizens in raising awareness and understanding of the GIPA Act. The engagement is designed to be achieved through the mechanisms outlined in section 4.2 of this AIG.

Through the review of agency decisions and complaints received, the public plays an important role in informing the Information Commissioner on systemic issues, themes and developing trends, and informs the development of the IPC Regulatory Plan each year.

In addition, the IPC welcomes other feedback from the public on agency compliance, including concerns about accessing information under the GIPA Act.

You can provide feedback by using the contact details contained in section 3.1 of this document. The IPC also seeks out feedback from the NSW community and its stakeholders on its regulatory activities through its website.

5. Information the IPC holds

The IPC holds a range of information including:

policy and planning documents
documents on the internal administration of the agency
internal working papers of the agency
documents prepared for submission to the NSW Committee on the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission
documents relating to complaints, audits, reviews and investigations conducted by the Information Commissioner and the Privacy Commissioner
correspondence with NSW government agencies
correspondence with the public
correspondence with other jurisdictions
guidelines and directions issued by the Privacy Commissioner and the Information Commissioner
submissions made by Commissioners to parliamentary and other inquiries
advice provided by Commissioners to the Minister for Customer Service and Digital Government, Minister for Small Business, Minister for Fair Trading as required under the Digital Restart Fund Act 2020
information resources for the community, public sector and private sector.

Some of this information can be accessed online at www.ipc.nsw.gov.au. If you find that you are having difficulties reading documents or other material, or if you cannot find the information you are seeking on the website, please contact the IPC using the details contained in section 3.1 of this document.

6. How to access the IPC’s information

The IPC keeps records associated with its functions of reviewing agency decisions, providing advice and guidance to the public and regulated entities as well as other non-regulatory functions.

The IPC makes information available under the GIPA Act in four ways:

as open access information
through proactive release of information
through informal access
in response to a formal access application.

6.1 Open access information

Information which is classified as open access information, is information that the IPC is required to make available. This information is made available unless it is not in the public interest to do so.

Open access information that the IPC makes available is generally via its website free of charge. This freely available information is generally provided through the following publications:

IPC Annual Reports
IPC Strategic Plan
other documents tabled in Parliament concerning the IPC
current agency policy documents
all current privacy and information access guidelines and directions issued by the Privacy Commissioner and the Information Commissioner
Register of government contracts and tenders
the IPC’s disclosure log (section 6.6 of this guide provides further information about the IPC’s disclosure log)
this IPC Agency Information Guide.

6.2 Proactive release of information

Through the disclosure of proactive information, the IPC aims to assist the public with access to other government information. The IPC discloses other government information that it holds that is not required by the GIPA Act in the form of open access and routinely identifies information for proactive release.

For example, in 2022 the IPC released its Quarterly Performance Reports via its website. During 2023, the IPC will continue to look for opportunities to develop its proactive release.

Currently, proactively released information that is available on the IPC website includes:

6.3 Informal access

Members of the public can request information that is not available through its website. The IPC will endeavour to respond to these requests informally, and only require a formal access application in limited circumstances.

If the information is in the public interest to disclose, the information will be made available free of charge.

An informal request for access to information can be made by contacting the IPC’s Right to Information Officer – see contact details below at section 6.7.

6.4 Formal access applications

After considering requests to informally access information, applicants who want to submit a formal access application can do so by contacting the Right to Information Officer.

To make a formal access application for information held by the IPC, an access application must:

be in writing and
sent by email to ipcinfo@ipc.nsw.gov.au; or
lodged via post to Information and Privacy Commission GPO Box 7011 SYDNEY NSW 2001
clearly indicate that it is a formal access application made under the GIPA Act
state the name of the applicant and a postal or email address as the address for correspondence in connection with the application
provide such information as is reasonably necessary to enable the government information applied for to be identified.

An applicant must disclose on their access application whether they have applied to another agency, at any time, for substantially the same information, and if so, they must identify the agency. However, an application will not be invalid if an applicant fails to make this disclosure.

A GIPA Access Application form for information held by the IPC is available on the IPC website.

Under section 127, of the GIPA Act, the IPC has exercised its discretion to waive all fees and charges associated with access applications. This supports the object of the GIPA Act, which is intended to facilitate access to government information at the lowest reasonable cost.

Applicants intending to make a formal application are encouraged to consider the impact of the excluded information provisions on the information that they intend to request access to. This is outlined in summary at section 6.5 of this AIG.

For further assistance, you can contact the IPC’s Right to Information Officer (section 6.7).

6.5 Excluded information

The GIPA Act prescribes that some information held by the IPC, which forms part of the complaint handling, review and investigative functions relating to the Information Commissioner and Privacy Commissioner, is excluded information.

This means that there is a conclusive presumption against the release of this information unless the release of the information has been consented to. An access application for this type of excluded information is considered an invalid access application under the GIPA Act.

6.6 Disclosure log

The IPC maintains a disclosure log under section 25 of the GIPA Act which documents the information it releases in response to access applications, and that may be of interest to members of the public.

The disclosure log provides a mechanism to further proactively release information to the public.

A regular review of the IPC’s disclosure log provides a valuable opportunity to analyse data collected from across the IPC on requests for information and to identify trends and documents that could be released proactively. This allows the IPC to update the AIG to reflect the released information. Increased disclosure of information from the disclosure log allows citizens greater opportunity to participate in the policy formulation and service delivery, and identifies trends and documents that could be released proactively.

6.7 The IPC’s Right to Information Officer

The IPC’s Right to Information Officer can be contacted using the details below:

Right to Information Officer, Information and Privacy Commission

Post:                           GPO Box 7011, SYDNEY NSW 2001
Email:                         ipcinfo@ipc.nsw.gov.au
Phone:                        1800 472 679
Business Hours:       Monday to Friday 9am to 5pm (excluding public holidays)
Office:                        Level 15, McKell Building 2-24 Rawson Place, Haymarket NSW 2000

Due to COVID-19, the IPC are not taking in-person enquiries and encourages you to contact the agency via email or phone. For more information, please see the COVID-19 webpage.

The IPC can be contacted through the National Relay Service (NRS) on 133 677 for anyone with a hearing or speech impairment and through the Translating and Interpreting Service (TIS) on 131 450 for anyone requiring the assistance of an interpreter.